Managed private network system

ABSTRACT

A managed private network (“MPN”) system for interconnecting enterprise entities to subscriber entities. The MPN system uses the ATM protocol and segregates data for an enterprise on to virtual connections dedicated to the enterprise. Each enterprise may have a single connection to the MPN system. The MPN system may forward data to various service providers through which subscriber entities may be connected to the MPN system. Thus, the enterprise entities need not have a separate physical connection to each service provider. Also, the MPN system can offer services (e.g., archival storage) to the enterprise entities. The MPN system ensures that data for one enterprise will not be intermingled with the data of another enterprise.

TECHNICAL FIELD

This disclosure relates generally to communications systems and inparticular to managing connections between enterprises and subscribers.

BACKGROUND

Enterprises (e.g., corporations) need to establish communicationchannels to various subscribers (e.g., employees). These communicationchannels may be through various service providers, such as the publictelephone switching network, Internet service providers (“ISP”), framerelay carriers, and digital subscriber line (“DSL”) carriers. The costof maintaining a communication channel to each service provider can bevery expensive for an enterprise. FIG. 1 is a block diagram illustratinga typical communications network to which an enterprise is connected.The enterprise 101 may be connected to service providers such as thetelephone company 103, ISP 104, and a frame relay carrier 105. Aseparate communications line 106-108, such as a T1 line, may be used toestablish each connection. In addition, each subscriber 109-113 may needa separate line 114-118 to connect to the ISP or frame relay carrier.The enterprise needs to maintain termination equipment for each of thephysical line 106-108 connected to a service provider. This terminationequipment may include a router, a channel service unit/digital serviceunit (“CSU/DSU”), and so on. Whenever the enterprise needs to establisha connection to a new service provider, the enterprise needs to purchasea new line and associated termination equipment. Similarly, whenever asubscriber needs to connect to an enterprise, the subscriber needstermination equipment (e.g. a modem) and may need to also have adedicated line (e.g., DSL) to the service provider.

The complexity and actual dollar cost of connecting to such serviceproviders can be very high. More importantly, the time delay inestablishing a connection to a service provider can be even more costly.Accordingly, it would be desirable to have a communications network thatwould help reduce the actual cost of the physical connections and inwhich connections to various service providers can be provided in atimely manner.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram illustrating a typical communications networkto which an enterprise is connected.

FIG. 2 is a block diagram illustrating the interconnections between themanaged private network (“MPN”) system and the enterprises, subscribers,and service providers.

FIG. 3A is a block diagram illustrating a typical initial configurationfor connecting an enterprise to its subscribers through an MPN system.

FIG. 3B is a block diagram illustrating a configuration when theenterprise's data center is directly connected to the MPN system.

FIG. 4A is a block diagram illustrating the connection of multipleenterprises and multiple subscribers through the MPN system.

FIG. 4B is a block diagram illustrating the architecture of the MPNsystem in one embodiment.

FIG. 5 is a block diagram illustrating the interconnections of theimplementing components of the MPN system in one embodiment.

FIG. 6 is a block diagram illustrating the data flow of a packet from asubscriber to an enterprise.

DETAILED DESCRIPTION

A managed private network system for allowing enterprises to connect tovarious subscribers through service providers without a need toestablish a direct physical connection to each service provider isprovided. The managed private network (“MPN”) system allows anenterprise to connect to multiple service providers through a singlephysical connection terminating at the enterprise. This physicalconnection is between the enterprise and an MPN system. In oneembodiment, the physical connection may be a high-speed line, such as aT3 line, and the communications between the enterprise and the MPNsystem is conducted using the asynchronous transfer mode (“ATM”)protocol. (The ATM protocol is described in “Hands-On ATM” by McDysanand Spohn and published by McGraw-Hill in 1998, which is herebyincorporated by reference.) When the MPN system receives data via thephysical connection from the enterprise, the MPN system causes the datato be routed to the appropriate service provider. The service providerthen forwards that data to the intended subscriber. Similarly, when asubscriber sends data to a service provider, that service providerroutes the data to the MPN system. The MPN system then forwards the datato the appropriate enterprise. Multiple enterprises may be connected tothe MPN system. The data of each enterprise is kept separate anddistinct from the data of other enterprise using, for example, a virtualconnection for each enterprise. Each enterprise may have its ownphysical connection to the MPN system. Also, each subscriber wouldtypically be assigned to a single enterprise.

The MPN system maintains various connections to service providers. Whenan enterprise wants to establish a connection to a service provider thatis already connected to the MPN system, the MPN system can bereconfigured to route data received via the physical connection from theenterprise to that service provider. In this way, the enterprise can usethe previously established physical connection with the MPN system totransmit data to a new service provider. In addition, the MPN system mayprovide additional services to the enterprise. For example, the MPNsystem may be coupled to an archival data storage system. The enterprisemay back up its data onto the archival storage system. Also, anenterprise may use the MPN system to provide primary or backup access tothe public telephone network.

In one embodiment, the MPN system comprises an aggregating ATMcomponent, a switching ATM component, and an intermediary LAN component.Each enterprise is connected to the switching ATM via a high-speedphysical communications line. Each service provider is connected to theaggregating ATM component via a physical communications line. Theaggregating ATM component may receive data generated by subscribers andsend data generated by the enterprise to the subscriber via a subscribervirtual connection dedicated to the subscriber by the aggregating ATMcomponent. The aggregating ATM component maps each subscriber virtualconnection to an enterprise/MPN virtual connection that is dedicated tothe enterprise to which the subscriber is assigned. The enterprise/MPNvirtual connection connects the aggregating ATM component to theswitching ATM component. When the switching ATM component receives datafrom a subscriber via the enterprise/MPN virtual connection, theswitching ATM component forwards the data to the intermediary LANcomponent. The intermediary LAN component decides how to process thedata. For example, the intermediary LAN component may decide to send thedata back to the switching ATM component so that it can be forwarded tothe enterprise. When the switching ATM component receives data from anenterprise via an enterprise virtual connection dedicated to theenterprise, it forwards the data to the intermediary LAN component.Again, the intermediary LAN component decides how to process the data.The intermediary LAN component may decide to send the data to theswitching ATM component so that it can be forwarded via theenterprise/MPN virtual connection to the aggregating ATM component. Theaggregating ATM component can then forward the data to the intendedsubscriber via the subscriber virtual connection. The intermediary LANcomponent may process the data in ways other than forwarding the data.If the data is destined for a server which is connected to theintermediary LAN component via a LAN, such as an Ethernet VLAN, theintermediary LAN component may forward the data to a LAN or virtual LANdedicated to the enterprise. The switching ATM component may forwarddata to and receive data from the intermediary LAN component via virtualconnections dedicated to each enterprise. Thus, the MPN system uses aseries of virtual connections (each virtual connection in the seriesdedicated to a single enterprise) to send data between that enterpriseand the aggregating ATM. In this way, the data of an enterprise can bekept separate and distinct from that data of other enterprises.

FIG. 2 is a block diagram illustrating the interconnections between theMPN system and the enterprises, subscribers, and service providers. Theenterprise 201 is a connected to the MPN system 202 via a singlephysical layer connection 203, such as a T3 line. The MPN system isconnected to each service provider 203-205 via a single physical layerconnection 207-209, such as a T1 line. The MPN system may be connectedto a service provider, such as an ISP 206, indirectly through anotherservice provider such as to the Internet 204. The MPN system establishesa series of virtual connections (VC) for each enterprise. This series ofvirtual connections may optionally extend to each service provider asshown in FIG. 2. The MPN system may provide a connection to a computersystem colocated with the MPN system for use by the enterprises. Each ofthe subscribers 212-216 are connected to a service provider via a singlephysical layer connection 217-221, such as a dial up or a T1 line. Thevarious virtual connections can be established to have different qualityof service requirements that are implemented via the ATM components. Forexample, the virtual connection to a telephone company service providermay need a real-time quality of service, whereas a virtual connectionused for email may only need a non-real-time quality of service.

FIG. 3A is a block diagram illustrating a typical initial configurationfor connecting an enterprise to its subscribers through an MPN system.The enterprise 301 may be connected to the MPN system 304 via a singlephysical layer connection 305, and the MPN system may be connected toonly one service provider, such as a frame relay carrier 306, via asingle physical layer connection, such as a T1 line 307. The serviceprovider may be connected to each subscriber 308-310, such as a branchoffice of the enterprise, via a physical layer connection 311-313. Inthis configuration, the MPN system establishes a series of virtualconnections between each enterprise and the service provider. Thevirtual connections may be established from an enterprise to a serviceprovider if, for example, the aggregating ATM component is located at oris under the control of the service provider. The enterprise in thisconfiguration may have a physical layer connection 303 directly to itsdata center 302.

FIG. 3B is a block diagram illustrating a configuration when theenterprise's data center is directly connected to the MPN system. Inthis example, the data center as shown in FIG. 3A is now shown asconnected to the MPN system via physical layer connection 315. The MPNsystem establishes a series of virtual connections dedicated to theenterprise from the enterprise to the data center 314. The data centermay replace the data center of the enterprise or may serve to augmentthat data center. For example, data center 314 may serve as a backup todata center 302 in the event of a failure that prevents the enterprisefrom accessing data center 302.

FIG. 4A is a block diagram illustrating the connection of multipleenterprises and multiple subscribers through the MPN system. Eachenterprise 401-402 is connected to the MPN system 403 via a physicallayer connection 404-405. Each service provider 406-407 is connected tothe MPN via a physical layer connection 408-409. Each subscriber 411-414is assigned to an enterprise. For example, subscriber 411 may be anemployee of enterprise 401, and subscriber 414 may be a branch office ofenterprise 402. In one embodiment, a series of virtual connections isestablished for each enterprise that extends from the enterprise to theaggregating ATM component.

FIG. 4B is a block diagram illustrating the architecture of the MPNsystem in one embodiment. The MPN system includes the aggregating ATMcomponent 450, a switching ATM component 460, and an intermediary LANcomponent 470. The aggregating ATM component is connected to variousservice providers via connections 440 and is connected to the switchingATM component via connection 441. The switching ATM component isconnected to the intermediary LAN component via connections 442 and 443and is connected to the enterprises via connections 444. Theintermediary LAN component is connected to a LAN 480 that includesvarious computers 481 that are assigned to enterprises. The aggregatingATM component includes aggregation module 451 and asubscriber/enterprise map 452. The aggregation module receives ATM datagenerated by subscribers from the service providers via subscribervirtual connections. The aggregation module uses thesubscriber/enterprise map to identify to which enterprise a subscriberis assigned. The aggregation module forwards the ATM data for asubscriber through an enterprise/MPN virtual connection for theenterprise on physical connection 441. The aggregation module alsoroutes ATM data received via connection 441 to the correspondingsubscriber virtual connection of the subscriber on physical connections440. The switching ATM component includes a subscriber interface module461 and an enterprise interface module 462. The subscriber interfacemodule transmits ATM data between the aggregating ATM component and theintermediary LAN component. The enterprise interface module routes theATM data between the intermediary LAN component and the enterprises. Theintermediary LAN component includes a subscriber ATM/LAN module 471 andan enterprise ATM/LAN module 472. The subscriber ATM/LAN moduletransmits ATM data between the subscriber side of the switching ATMcomponent and the LAN. The subscriber ATM/LAN module converts ATM datato LAN formatted data, and vice versa. Data is transmitted between thesubscriber ATM/LAN module and the subscriber interface module via avirtual connection dedicated to an enterprise through physicalconnection 442. The enterprise ATM/LAN module routes ATM data betweenthe LAN and the enterprise side of the switching ATM component. Theenterprise ATM/LAN module converts ATM data to LAN formatted data, andvice versa. Data is transmitted between the enterprise/ATM module andthe enterprise interface module via a virtual connection dedicated to anenterprise through physical connection 443. The subscriber andenterprise ATM/LAN modules may alternately transmit ATM data directly toeach other bypassing the LAN (i.e., “bypass mode”). The LAN may have aVLAN for each enterprise. When an ATM/LAN module transmits data onto theLAN it directs it to the appropriate VLAN for the enterprise. Thecomputers connected to the LAN can then process the data as appropriate.For example, a computer on the VLAN may provide archival storagecapabilities for an enterprise. In one embodiment, the intermediary LANcomponent may be directly connected to a service provider such as thepublic telephone network system. In this way, the intermediary LANcomponent could direct voice over IP data to the public telephonenetwork system. One skilled in the art would appreciate that the MPNsystem may be implemented with many different architectures. Generally,the MPN system provides a single physical connection to each enterprisethrough which the enterprise can communicate with its subscribers. TheMPN system can be augmented to provide additional services (e.g.,archival storage) to the enterprises. Since connections to theenterprises are already established, the incremental cost of providingthe additional services may be small. An enterprise may be alternativelyconnected directly to a LAN of the intermediary LAN component. In thiscase, the data of the enterprise would flow through the LAN to theintermediary LAN component to the switching ATM component, and on to theaggregating ATM component. An enterprise may connect directly to theintermediary LAN component if, for example, the computer system of theenterprise is collocated with the intermediary LAN component or theenterprise has a high-speed (e.g., optical fiber) LAN connection to theMPN system.

The virtual connections dedicated to an enterprise may correspond to acommon network layer dedicated to the enterprise. The network layer maycomply with layer 3 of the International Standards Organization (“ISO”)Open Systems Interconnection (“OSI”) protocol reference model. Thevarious service providers may use different implementations of thesub-network layer. That is, the service providers may use differentphysical and data link layer implementations of the OSI model. The MPNsystem can aggregate data from multiple service providers regardless oftheir sub-network layer implementations.

In one embodiment, in the MPN system is implemented using the followingcomponents.

Functional Component Implementing Component Aggregating componentRedback Networks SMS-1000 Intermediary LAN component Cisco SystemsCatalyst 5513 Switching component Cisco Systems LightStream 1010

Tables 1-3 illustrate the configuration of the implementing componentsin one embodiment.

TABLE 1 Redback Networks SMS-1000 RB-CHAC-IS-1K Redback 1000 Chassiswith AC input RB-PS-1K-AC AC power supply RB-PS-1K-AC AC power supplyRB-CE1-1K-32MB Control Engine with 32MB RAM RB-FE-1K-8MB ForwardingEngine with 8MB RAM RB-EIM-1K-2TX 2x10/100 BaseT Ethernet I/O ModuleRB-AIM-1K-2DS3 2xATM DS-3 I/O Module RB-AIM-1K-20C3MM 2xATM OC-3 I/OModule RB-SW4000-1K-1.0 4000 subscriber AOS (access Operating System)Software License

TABLE 2 Cisco Systems Catalyst 5513 WS-C5500 Catalyst 5513 ChassisWS-C5508 Catalyst 5500 AC Power Supply WS-5508/2 Redundant Catalyst 5500AC Power Supply WS-X5530-E3 Catalyst 5500/5000 Supervisor Engine Modulew/NFFC II WS-U5533-FEFX-MMF Dual Port 100BaseFX MMF Uplink Module forSupervisor WS-X5225R 24 Port 10/100TX Backbone Switching (FEC,802.1Q/ISL, RJ-45)

TABLE 3 Cisco Systems LightStream 1010 L1010-ASP-C-FC1 ATM SwitchProcessor with FC-Per-Class Queuing SF-WAS5-5 LS1010 IIsp and PNNIFeature Set MEM-ASP-64M LightStream 1010 64 MB DRAM WATM-CAM-2PLightstream1 - 1 - /C5500 Carrier Module WATM-CAM-2P Lightstream1 - 1 -/C5500 Carrier Module WAI-OC3-4MM 4Port STS-3c/STM-1 Multimode Fiber PAMMAI-T3-4BNC 4 Port DS-3 Port Adaptor Modules WAI-T1-4RJ48 4 Port T1(ATM) with RJ-48 Interface PAM WA1-OC3-4SS 4 Port STS-3c/STM-1Single-Mode Fiber PAM

FIG. 5 illustrates the interconnections of the implementing componentsof the MPN system in one embodiment. Each service provider 501-504 isconnected to an I/O module of the subscriber management system (“SMS”)component 505 (e.g., the Redback Networks SMS-1000). For example, an ATMcomponent of a digital subscriber line (“DSL”) service provider may beconnected to an ATM DS-3 I/O module of the SMS component. An ATM OC-3I/O module of the SMS component is connected to an ATM I/O module of theLightStream component 507 (e.g., the Cisco Systems LightStream 1010). AnATM OC-3 I/O module of the LightStream component is connected via twoconnections to the Catalyst component 506 (e.g., the Cisco SystemsCatalyst 5513). In this embodiment, two separate physical connections tothe Catalyst component are needed because the Catalyst component isdesigned to not send a packet back out on the same connection on whichit was received. Therefore, to send a packet back to the LightStreamcomponent a second connection is needed. This is referred to as a “splithorizon” problem. Each connection between the LightStream component andthe Catalyst component is connected to a separate LAN emulation (“LANE”)module of the Catalyst component. Each enterprise 508-511 is connectedto an I/O module (e.g., an ATM OC-3 I/O module) of the LightStreamcomponent. The operation of each implementing component is described inthe following.

The SMS component serves as a connection aggregation point that allows alarge number of incoming physical and virtual connections from a varietyof service providers to be terminated and segregated according todefined policies. For example, a single enterprise may have severalhundred subscribers using DSLs through two different service providersand may have 50 locations using frame relay T1 lines through one serviceprovider and 10 locations using point-to-point T1 lines through anotherservice provider. These connections are directly attached to be SMScomponent. The SMS component binds (i.e., logically associates on anexclusive basis) each subscriber virtual connection to a SMS context(i.e., a logical secure partition within the SMS component). A currentimplementation of the SMS component may support 8000 incomingconnections bound to as many as 40 different contexts. Future upgradesof the SMS component may provide for more connections and contexts.

The SMS component is connected to the LightStream component over one ormore physical ATM connections (e.g., a multimode OC-3 connection). Eachcontext of the SMS component forwards its data via a singleenterprise/MPN virtual connection to the LightStream component. Thus,the segregation of enterprise data performed by the SMS component isextended to include the connection to the LightStream component and theremainder of the MPN system. This segregation provides a high level ofsecurity for an enterprise in that data packets for an enterprise arenot intermingled with data packets of other enterprises on a singlevirtual connection.

The LightStream component receives data for each enterprise on aseparate virtual connection from the SMS component. The LightStreamcomponent performs the following major functions:

1. The LightStream component builds and binds each incoming enterprisevirtual connection to another virtual connection on one LANE modulewithin the Catalyst component. The connection from the LightStreamcomponent to the Catalyst component is over physical OC-3 multimodeconnection.

2. The LightStream component builds and binds a virtual connection toanother LANE module within the Catalyst component over another physicalOC-3 multimode connection. The Catalyst component binds each virtualconnection of the one LANE module to a virtual connection on the otherLANE module.

3. The LightStream component binds each virtual connection from theother LANE module to a virtual connection on a port interface card inthe LightStream component to which an enterprise may connect a circuitthat extends back to the enterprise's primary data center or corporatenetwork. The enterprise's physical connection to the media or wirecarrying the data may be via a router located at the enterprise.

The Catalyst component is an Ethernet switch with an ATM interfaceincluded in an ATM LANE module. Each LANE module provides aninterconnection between an ATM virtual connection and an Ethernetvirtual local area network (“VLAN”). A VLAN is logical partition of anEthernet network. The connection from the SMS component via theLightStream component into the one LANE module is switched to either toa local Ethernet LAN or back onto the other LANE module bound to theenterprise.

FIG. 6 is a block diagram illustrating the data flow of a packet from asubscriber using DSL to an enterprise. A packet may originate at apersonal computer 601 of a subscriber and be transmitted via an Ethernetnetwork to a customer's customer premise equipment 602 (“CPE”). Thepacket may be formatted as an Ethernet frame in the IEEE 802.2 mediaaccess layer and 802.3 topology protocols. When the CPE receives theframe, it uses its media access control (“MAC”) address resolution table(“ARP”) to determine if the requested destination is on a locallyconnected network or other remote network. If the destination is on thelocally connected network, then the CPE delivers the frame as specifiedby the IEEE 802 protocol. If the destination is remote, then the CPEsegments and reassembles (“SARs”) the MAC frame in the ATM cell and tagsit as a bridge or routed packet data unit (“PDU”) in accordance with theRFC 1483 specification within the payload field of the common partconvergence sublayer (“CPCS”) PDU of the ATM adaptation layer, type 5SNAP (“AAL5 SNAP”). The CPE then injects the cell into a virtualconnection of the attached wide area network circuit.

The CPE generated cell then arrives at the SMS component 603 of aspecific ATM virtual connection, which may be one of many virtualconnections carried on a single physical layer ATM line and where eachvirtual connection is established for each CPE. The SMS componentassociates the PDU with a bridging group associated with the enterpriseto which the subscriber is assigned. The PDU is then the segmented andreassembled to strip away the AAL5 SNAP header information so that thetype of payload (e.g., bridge to ethernet packet) contained with in thecell can be determined. The SMS component then forwards the Ethernetframes to the virtual connection to the destination MAC addressspecified in the Ethernet frame header, which could be other customerpremise equipment or the LightStream component.

A bridging group is a transparent bridge using IEEE 802 protocol familyencapsulation for Ethernet frames. Each bridging group holds a bridgingtable of known MAC addresses (acquired locally or using a spanning treeprotocol from adjacent devices) and switches traffic outbound across thevirtual connection closest to the destination MAC address if the MACaddress is contained in the bridging table. Any traffic destination foran unknown MAC address is flooded outbound on all virtual connectionswithin the bridging group.

The SMS component then the segments and reassembles the Ethernet frameinto ATM cell that is tagged as a 1483 PDU in the payload field of theCPCS PDU of the AAL5 and that is then injected into the enterprise/MPNvirtual connection over physical connection 603A. The cell is forwardedover the enterprise/MPN virtual connection dedicated to the enterprise'straffic to the LightStream component 604.

When the LightStream component receives the cell on the enterprise/MPNvirtual connection, it switches the cell onto a virtual connectiondedicated to the enterprise that is statically mapped to a virtualconnection over physical connection 604A bound to a LANE module of theCatalyst component 605. There is a one-to-one relationship between theenterprise/MPN virtual connection for an enterprise and the virtualconnection for enterprise on the LANE module. When the cell is receivedat the LANE module, the module segments and reassembles it back into anEthernet frame with an associated destination MAC address. The LANEmodule then decides whether to forward to the cell to a VLAN or to theenterprise. If the cell is to be routed onto a VLAN, it is directed to aRFC 802.1q or Cisco ISL VLAN which is directly associated with theincoming virtual connection on a one-to-one basis. This VLAN isterminated directly on an 802.3 Ethernet port on the Catalyst component.If the cell is destined to the enterprise, then the Catalyst componentforwards the cell to the other LANE module on a virtual connectiondedicated to the enterprise that is statically mapped to the virtualconnection for the enterprise. The Catalyst component segments andreassembles the frame and tags it as a 1483 PDU in the payload field ofthe CPCS PDU of the AAL5 SNAP header and then injects it into thevirtual connection dedicated to the enterprise.

The LightStream component receives the cell and switches it to a singleenterprise virtual connection that is mapped on a one-to-one basis to aphysical ATM connection connected to an enterprise. This enterprisevirtual connection is terminated at a CPE device located at theenterprise's main data center or the enterprise's LAN location. The CPEdevice receives the cell and segments and reassembles it back anEthernet frame. The CPE device then injects the frame according to theIEEE 802 protocol standards onto the local area network at theenterprise.

From the foregoing, it will be appreciated that although specificembodiments of the MPN system have been described for purposes ofillustration, various modifications may be made without deviating fromthe spirit and the scope of the invention. For example, a virtualconnection can be extended from an enterprise to a service provider byeither providing a physical ATM connection from the service provider tothe LightStream component or providing a physical Ethernet connectionfrom a service provider to the Catalyst component. That is, thefunctions of the various components can be located at or controlled bydifferent entities (e.g., service providers). Also, the functionsprovided by the various components can be even further divided amongmore components or consolidated into fewer components. For example, thefunction associated with the connection to each LANE module of theCatalyst component could be performed by different LightStreamcomponents. Also, each component may be replaced by multiple components(arranged as a network or hierarchy) to facilitate scalability of theMPN system. For example, the SMS component can be replaced by multipleSMS components in a hierarchical or non-hierarchical arrangement. Also,the enterprises and subscribers may be any entity including acorporation, division, branch, employee and so on. Accordingly, theinvention is not limited except by the following claims.

1.-11. (canceled)
 12. A method of doing business comprising:establishing a connection between a network and enterprise entities;establishing a connection between the network and subscriber entities,wherein each subscriber entity is assigned to an enterprise entity;transmitting data between the enterprise entities and their subscriberentities; and providing a service to an enterprise entity whereby theservice uses data transmitted to the network from the enterprise entityvia the established connection.
 13. The method of claim 12 wherein thenetwork uses an ATM protocol.
 14. The method of claim 12 wherein thenetwork segregates data for the enterprises into virtual connectionsdedicated to an enterprise.
 15. The method of claim 19 wherein anenterprise entity can transmit data to subscriber entities throughdifferent service providers.
 16. The method of claim 12 wherein theprovided service includes converting ATM data to LAN data.
 17. Themethod of claim 12 wherein the service is forwarding data between theenterprise entity and a telephone network.
 18. The method of claim 12wherein the service is archival storage of data of an enterprise entity.19. The method of claim 12 wherein some subscriber entities areconnected to the network indirectly through service providers.
 20. Amethod in a communications system for transmitting data from subscribersto enterprises, the method comprising: receiving data of subscribersthrough multiple service providers using different sub-network layers;and for each enterprise, transmitting the received data of thesubscribers assigned to that enterprise into a network layer for theenterprise whereby the data for each enterprise is transmitted via aseparate network layer.
 21. The method of claim 20 wherein thesub-network layers are the physical and data link layers of the OSIprotocol and the network layer is the network layer of the OSI protocol.22. The method of claim 20 further including transmitting data fromenterprises to subscribers by receiving data of an enterprise through anetwork layer for the enterprise and transmitting the data to theservice provider associated with the subscriber.
 23. The method of claim20 wherein an aggregating ATM component receives the data from theservice providers.
 24. The method of claim 20 wherein a switching ATMcomponent transmits data to the enterprises.
 25. The method of claim 20further including receiving data from an enterprise and forwarding thereceived data to a LAN dedicated to the enterprise.